Section 2, Inc. Has Completed a SOC 2 Exam. Here’s What That Means For You.
Section 2, Inc. (“Section 2”) recently announced the completion of our latest SOC 2 examination. But what does that mean for us as an organization—and for you as our customer, partner, and investor?
At Section 2, keeping customer and stakeholder data secure is our top priority. To ensure that our systems and controls have been designed appropriately to achieve that goal, we sought out third-party attestation from a qualified auditing firm. Our SOC 2 report is the result of their examination.
In this blog post, we’ll explain what a SOC 2 report is, what it covers, and why we chose to undergo this rigorous compliance audit.
WHAT IS A SOC 2 REPORT?
Obtaining a System and Organization Controls (SOC) 2 report is one way for a service organization to attest to the security of its digital environment.
Completing a SOC 2 examination through an accredited third-party auditor does not result in any certification. Instead, the resulting CPA’s report functions as a tool to help an organization communicate whether the internal controls they’ve put in place governing the security of customers’, partners’, and stakeholders’ data are properly designed, implemented, and maintained.
In simpler terms, a SOC 2 report provides an avenue for current and potential stakeholders to assess risk by giving them a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably.
WHAT DOES A SOC 2 REPORT COVER?
All SOC 2 examinations are performed by accredited CPA firms under the standards defined by SSAE 18. An auditor tests the effectiveness of the internal controls outlined by the organization, then maps those controls to one or a combination of Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
In our case, the Trust Services Criteria include:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.
The scope of a SOC 2 report can also vary with regard to the time period covered.
SOC 2 Type I reports examine an organization’s controls at a single point in time and include a list of the controls tested.
WHY DID WE UNDERGO A SOC 2 EXAM?
Completing a SOC 2 examination marks a huge step forward in Section 2’s efforts to demonstrate our commitment to data security and ensure that we’re prepared to face the challenges of the ever-changing cybersecurity landscape.
“Achieving SOC 2 Type I compliance isn’t just a checkbox for our risk team; it is a fundamental promise to our partners. It proves that at Section 2, we don’t just talk about security—we have built our very foundation upon it. This certification validates that our internal controls are robust, reliable, and ready to protect the trust our customers place in us every day,” said Debra Geister, CEO.
WHERE CAN I GO FOR MORE INFORMATION?
Our auditor, BARR Advisory, has provided a detailed breakdown on how to read a SOC 2 report, including where to find the most important and relevant information for your situation. Current and prospective customers interested in obtaining a copy of Section 2’s latest SOC 2 report may contact Rah Chalmers at [email protected].
